From bf4fc5c25ec31566b0fc1ee2e5e8bc15e5512893 Mon Sep 17 00:00:00 2001
From: David Ostrovsky <david@ostrovsky.org>
Date: Thu, 10 Apr 2014 18:58:08 -0400
Subject: [PATCH] Add support for NIO2 IoSession
---
src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java | 137 +++++++++++++++++----------------------------
1 files changed, 53 insertions(+), 84 deletions(-)
diff --git a/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
index 4ab20f3..d41afdd 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
@@ -15,25 +15,20 @@
*/
package com.gitblit.transport.ssh;
-import java.io.File;
-import java.io.IOException;
import java.security.PublicKey;
+import java.util.List;
import java.util.Locale;
import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.sshd.common.util.Buffer;
import org.apache.sshd.server.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
-import org.eclipse.jgit.lib.Constants;
-import com.gitblit.manager.IGitblit;
-import com.google.common.base.Charsets;
+import com.gitblit.manager.IAuthenticationManager;
+import com.gitblit.models.UserModel;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
-import com.google.common.cache.Weigher;
-import com.google.common.io.Files;
/**
*
@@ -42,84 +37,58 @@
*/
public class SshKeyAuthenticator implements PublickeyAuthenticator {
- protected final IGitblit gitblit;
+ protected final IKeyManager keyManager;
+
+ protected final IAuthenticationManager authManager;
- LoadingCache<String, SshKeyCacheEntry> sshKeyCache = CacheBuilder
- .newBuilder().maximumWeight(2 << 20).weigher(new SshKeyCacheWeigher())
- .build(new CacheLoader<String, SshKeyCacheEntry>() {
- public SshKeyCacheEntry load(String key) throws Exception {
- return loadKey(key);
- }
+ LoadingCache<String, List<PublicKey>> sshKeyCache = CacheBuilder
+ .newBuilder().
+ expireAfterAccess(15, TimeUnit.MINUTES).
+ maximumSize(100)
+ .build(new CacheLoader<String, List<PublicKey>>() {
+ public List<PublicKey> load(String username) {
+ return keyManager.getKeys(username);
+ }
+ });
- private SshKeyCacheEntry loadKey(String key) {
- try {
- // TODO(davido): retrieve absolute path to public key directory:
- //String dir = gitblit.getSettings().getString("public_key_dir", "data/ssh");
- String dir = "/tmp/";
- // Expect public key file name in form: <username.pub> in
- File file = new File(dir + key + ".pub");
- String str = Files.toString(file, Charsets.ISO_8859_1);
- final String[] parts = str.split(" ");
- final byte[] bin =
- Base64.decodeBase64(Constants.encodeASCII(parts[1]));
- return new SshKeyCacheEntry(key, new Buffer(bin).getRawPublicKey());
- } catch (IOException e) {
- throw new RuntimeException("Canot read public key", e);
- }
- }
- });
+ public SshKeyAuthenticator(IKeyManager keyManager, IAuthenticationManager authManager) {
+ this.keyManager = keyManager;
+ this.authManager = authManager;
+ }
- public SshKeyAuthenticator(IGitblit gitblit) {
- this.gitblit = gitblit;
- }
+ @Override
+ public boolean authenticate(String username, final PublicKey suppliedKey,
+ final ServerSession session) {
+ final SshSession sd = session.getAttribute(SshSession.KEY);
- @Override
- public boolean authenticate(String username, final PublicKey suppliedKey,
- final ServerSession session) {
- final SshSession sd = session.getAttribute(SshSession.KEY);
+ username = username.toLowerCase(Locale.US);
+ try {
+ List<PublicKey> keys = sshKeyCache.get(username);
+ if (keys == null || keys.isEmpty()) {
+ sd.authenticationError(username, "no-matching-key");
+ return false;
+ }
+ for (PublicKey key : keys) {
+ if (key.equals(suppliedKey)) {
+ return validate(username, sd);
+ }
+ }
+ return false;
+ } catch (ExecutionException e) {
+ sd.authenticationError(username, "user-not-found");
+ return false;
+ }
+ }
- // if (config.getBoolean("auth", "userNameToLowerCase", false)) {
- username = username.toLowerCase(Locale.US);
- // }
- try {
- // TODO: allow multiple public keys per user
- SshKeyCacheEntry key = sshKeyCache.get(username);
- if (key == null) {
- sd.authenticationError(username, "no-matching-key");
- return false;
- }
-
- if (key.match(suppliedKey)) {
- return success(username, session, sd);
- }
- return false;
- } catch (ExecutionException e) {
- sd.authenticationError(username, "user-not-found");
- return false;
- }
- }
-
- boolean success(String username, ServerSession session, SshSession sd) {
- sd.authenticationSuccess(username);
- /*
- * sshLog.onLogin();
- *
- * GerritServerSession s = (GerritServerSession) session;
- * s.addCloseSessionListener( new SshFutureListener<CloseFuture>() {
- *
- * @Override public void operationComplete(CloseFuture future) { final
- * Context ctx = sshScope.newContext(null, sd, null); final Context old =
- * sshScope.set(ctx); try { sshLog.onLogout(); } finally {
- * sshScope.set(old); } } }); }
- */
- return true;
- }
-
- private static class SshKeyCacheWeigher implements
- Weigher<String, SshKeyCacheEntry> {
- @Override
- public int weigh(String key, SshKeyCacheEntry value) {
- return key.length() + value.weigh();
- }
- }
+ boolean validate(String username, SshSession sd) {
+ // now that the key has been validated, check with the authentication
+ // manager to ensure that this user exists and can authenticate
+ sd.authenticationSuccess(username);
+ UserModel user = authManager.authenticate(sd);
+ if (user != null) {
+ return true;
+ }
+ sd.authenticationError(username, "user-not-found");
+ return false;
+ }
}
--
Gitblit v1.9.1